ID

VAR-202012-1527

CVE

CVE-2020-1971

TITLE

OpenSSL  In  NULL  Pointer reference vulnerability

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. Note ==== OpenSSL 1.0.2 is out of support and no longer receiving public updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5641-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5641 Issue date: 2020-12-21 CVE Names: CVE-2020-1971 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm ppc64le: openssl-1.0.2k-9.el7_4.ppc64le.rpm openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-devel-1.0.2k-9.el7_4.ppc64le.rpm openssl-libs-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: openssl-1.0.2k-9.el7_4.src.rpm x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-perl-1.0.2k-9.el7_4.ppc64le.rpm openssl-static-1.0.2k-9.el7_4.ppc64le.rpm x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX+CSxtzjgjWX9erEAQi3/w//Rv57DkdeZ0UAjMCli5BavpQzTqZUf0f2 BZCsLAdkggAxJly0ueWpdnQri8/5svI9GdRykPvjIYaR3CJtPbeFlg2b4rTzYudG wAQ5bNHZ6mVEiFtDboqcsDAIGHpij3Dd7nr7rngy/eSFmC+WE7o2fJ232K6szSCJ 5Pxz69Xx/FenX//PXPFUZCMxuvBKyQEdWZju6HJkxqdfnepdQNKD+cx/RA7XKk7L Wu0U+SeVDHJrzSntuHV3nAyAj51aO0Lt6tkw4Y+P9iv7fup0Idb/XJi8iICKsx8R IABgCClcL2Y8AaAXdp9++PNoYTO0smoa+wFE/YjZFvXyP2TlQERcrn2uaWcm+G/v GdKl/0z2FEfEV5Gh6T6XJNo1Lk9DqtXcG8wW71p64OYNWptztDgw8ipQzJL9yIOU gmtjxOOsteziZEyFcNIZGV2QbI6wA8Y8FN33+e7YwNmXaFivPGXr0SoUuo9ya8i0 T8lWgOSQpY/1XazsDxNq1RY3y9M9zq+MCBS7xTB7AILm4daQc3msUSaLay6+HhQR ze30eFpLxYWlLxJmJNbq7MMGEmv+nJryNW3fPdZ1SOcR7mlkB4atp4+H5iEW69pV MDdDUZe5ZLVrYX4/p5BsaeFo/b7qGJGE4OmiXoDsvyO/HgGurAv7NAmYZfZ3exAr 02z1QWeZU4Q= =eYwW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Container-native Virtualization 2.5.3 Images (BZ#1902961) 3. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902961 - Container-native Virtualization 2.5.3 Images 5. 7) - aarch64, ppc64le, s390x 3. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.12. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:0038 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-x86_64 The image digest is sha256:5c3618ab914eb66267b7c552a9b51c3018c3a8f8acf08ce1ff7ae4bfdd3a82bd (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-s390x The image digest is sha256:9e78700d5b1b8618d67d39f12a2c163f08e537eb4cea89cd28d1aa3f4ea356bb (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-ppc64le The image digest is sha256:290cd8207d81123ba05c2f4f6f29c99c4001e1afbbfdee94c327ceb81ab75924 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1810470 - [Flake] volume expansion tests occasionally flake with EBS CSI driver 1811341 - Subpath test pod did not start within 5 minutes 1814282 - Storage e2es leaving namespaces/pods around 1836931 - `oc explain localvolume` returns empty description 1842747 - Not READYTOUSE volumesnapshot instance can not be deleted 1843008 - Fix reconcilliation of manifests for 4.6 channel for LSO 1850161 - [4.6] the skipVersion should exactly match regex in art.yaml 1852619 - must-gather creates empty files occasionally 1866843 - upgrade got stuck because of FailedAttachVolume 1867704 - cluster-storage-operator needs to grant pod list/watch permissions to aws operator 1867757 - Rebase node-registrar sidebar with latest version 1871439 - Bump node registrar golang version 1871955 - Allow snapshot operator to run on masters 1872000 - Allow ovirt controller to run on master nodes 1872244 - [aws-ebs-csi-driver] build fails 1872290 - storage operator does not install on ovirt 1872500 - Update resizer sidecar in CSI operators to use timeout parameter than csiTimeout 1873168 - add timeout parameter to resizer for aws 1877084 - tune resizer to have higher timeout than 2mins 1879221 - [Assisted-4.6][Staging] assisted-service API does not prevent a request with another user's credentials from setting cluster installation progress 1881625 - replace goautoreneg library in LSO 1886640 - CVE-2020-8566 kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4 1888909 - Placeholder bug for OCP 4.6.0 rpm release 1889416 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1889936 - Backport timecache LRU fix 1894244 - [Backport 4.6] IO archive contains more records of than is the limit 1894678 - Installer panics on invalid flavor 1894878 - Helm chart fails to install using developer console because of TLS certificate error 1895325 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1895426 - unable to edit an application with a custom builder image 1895434 - unable to edit custom template application 1897337 - Mounts failing with error "Failed to start transient scope unit: Argument list too long" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898178 - [OVN] EgressIP does not guard against node IP assignment 1899266 - [4.6z] Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1899622 - [4.6z] configure-ovs.sh doesn't configure bonding options 1900736 - [SR-IOV] Backport request to SR-IOV operator version 4.6 - SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1900792 - Track all resource counts via telemetry 1901736 - additionalSecurityGroupIDs not working for master nodes 1903353 - Etcd container leaves grep and lsof zombie processes 1905947 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1906428 - [release-4.6]: When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1906723 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1906836 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1907203 - clusterresourceoverride-operator has version: 1.0.0 every build 1908472 - High Podready Latency due to timed out waiting for annotations 1908749 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1908803 - [OVN] Network Policy fails to work when project label gets overwritten 1908847 - [4.6.z] RHCOS 4.6 - Missing Initiatorname 1909062 - ARO/Azure: excessive pod memory allocation causes node lockup 1909248 - Intermittent packet drop from pod to pod 1909682 - When scaling down the status of the node is stuck on deleting 1909990 - oVirt provider uses depricated cluster-api project 1910066 - OpenShift YAML editor jumps to top every few seconds 1910104 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1911790 - [Assisted-4.6] [Staging] reduce disk speed requirement for test/dev environments 1913103 - Placeholder bug for OCP 4.6.0 rpm release 1913105 - Placeholder bug for OCP 4.6.0 metadata release 1913263 - [4.6] Unable to schedule a pod due to Insufficient ephemeral-storage 1913329 - [Assisted-4.6] [Staging] Installation fails to start 1914988 - [4.6.z] real-time kernel in RHCOS is not synchronized 1915007 - Fixed by revert -- Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-04-18T20:23:51.030000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE